CVE-2008-4000 - OpenCVE

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jdedwards	Enterpriseone
Oracle	Jd Edwards Enterpriseone Peoplesoft Enterprise Peoplesoft Peopletools

Configuration 1 [-]

OR	cpe:2.3:a:jdedwards:enterpriseone:8.48.18:::::::*
	cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.49.14:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise:8.48.18:::::::*
	cpe:2.3:a:oracle:peoplesoft_peopletools:8.49.14:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/32291
http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html
http://www.securityfocus.com/archive/1/497543/100/0/threaded
http://www.securitytracker.com/id?1021055
http://www.vupen.com/english/advisories/2008/2825
https://exchange.xforce.ibmcloud.com/vulnerabilities/45902

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2008-10-14T21:00:00

Updated: 2024-08-07T10:00:42.564Z

Reserved: 2008-09-09T00:00:00

Link: CVE-2008-4000

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-10-14T21:11:11.347

Modified: 2018-10-11T20:50:37.280

Link: CVE-2008-4000

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"}, {"name": "oracle-peoplesoft-peopletools-unauth-access(45902)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45902"}, {"name": "32291", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32291"}, {"name": "1021055", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021055"}, {"name": "ADV-2008-2825", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2825"}, {"name": "20081019 CVE-2008-4000: Oracle PeopleTools ? Authentication Weakness", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497543/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2008-4000", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"}, {"name": "oracle-peoplesoft-peopletools-unauth-access(45902)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45902"}, {"name": "32291", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32291"}, {"name": "1021055", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021055"}, {"name": "ADV-2008-2825", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2825"}, {"name": "20081019 CVE-2008-4000: Oracle PeopleTools ? Authentication Weakness", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497543/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:00:42.564Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"}, {"name": "oracle-peoplesoft-peopletools-unauth-access(45902)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45902"}, {"name": "32291", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32291"}, {"name": "1021055", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021055"}, {"name": "ADV-2008-2825", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2825"}, {"name": "20081019 CVE-2008-4000: Oracle PeopleTools ? Authentication Weakness", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/497543/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2008-4000", "datePublished": "2008-10-14T21:00:00", "dateReserved": "2008-09-09T00:00:00", "dateUpdated": "2024-08-07T10:00:42.564Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jdedwards:enterpriseone:8.48.18:*:*:*:*:*:*:*", "matchCriteriaId": "DDBFDD4C-E08E-4A50-BA64-37ADBD74BBDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.49.14:*:*:*:*:*:*:*", "matchCriteriaId": "8025564F-6B4B-4917-A036-2E4636766638", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise:8.48.18:*:*:*:*:*:*:*", "matchCriteriaId": "31AB60B9-5213-423F-ADF7-1E2CB62B596B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_peopletools:8.49.14:*:*:*:*:*:*:*", "matchCriteriaId": "07EC0483-2BF6-4EF1-AFB0-FBA01F19B867", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente PeopleTools en Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne v8.48.18 y v8.49.14 permite a atacantes remotos afectar a la confidencialidad e integridad a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2008-4000", "lastModified": "2018-10-11T20:50:37.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-14T21:11:11.347", "references": [{"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32291"}, {"source": "secalert_us@oracle.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/archive/1/497543/100/0/threaded"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id?1021055"}, {"source": "secalert_us@oracle.com", "url": "http://www.vupen.com/english/advisories/2008/2825"}, {"source": "secalert_us@oracle.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45902"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}